The review attachment resource in Atlassian Fisheye and Crucible before version 4.3.2, from version 4.4.0 before 4.4.3 and before version 4.5.0 allows remote attackers to read files contained within context path of the running application through a path traversal vulnerability in the command parameter.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/104578 | Third Party Advisory VDB Entry |
https://jira.atlassian.com/browse/CRUC-8212 | Issue Tracking Third Party Advisory |
https://jira.atlassian.com/browse/FE-7061 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: atlassian
Published: 2018-06-28T00:00:00
Updated: 2018-06-29T09:57:01
Reserved: 2017-11-16T00:00:00
Link: CVE-2017-16859
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-06-28T14:29:00.213
Modified: 2018-08-23T11:38:23.537
Link: CVE-2017-16859
JSON object: View
Redhat Information
No data.
CWE